top of page
  • Writer's pictureAnup Ghosh

Ivanti Connect Secure Troubled by More Vulnerabilities

The Download

If this sounds familiar it is because it's been a rough year for security firm Ivanti, who's vulnerabilities in its products landed CISA in hot water, among thousands of other networks breached through vulnerabilities in Connect Secure. Ivanti disclosed four vulnerabilities in Connect Secure VPN and its Policy Secure products: CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, CVE-2024-22023, ranging from CVSS scores of 5.3 to 8.2. The vulnerabilities can allow remote code execution or denial of service.

What You Can Do

Earlier CISA Directives required Federal agencies to patch or disconnect the Ivanti Secure Connect VPN. We later found out that CISA's critical infrastructure servers were compromised through this vulnerability. So if you are running Ivanti Connect Secure, it is time to patch again.

Do you know if you are vulnerable to this attack?



bottom of page